LIS 525 - Firewalls

A firewall isolates a computer from the Internet using code that inspects each individual packet of data, inbound or outbound, to determine whether it should be allowed to pass.

Many products call themselves firewalls but in fact are not. Also, many firewall products are limited in their capabilities; for example, corporate firewalls tend to be concerned with attacks from outside, but not with viruses, Trojans, or adware that may be run on computers within the firewall, access servers elsewhere on the Internet, and transmit private information.

Microsoft Windows XP includes a built-in Internet Connection Firewall. When enabled, the Internet Connection Firewall blocks all unsolicited connections originating from the Internet outside a protected network and prevents the scanning of ports and resources.

Seeing Whether a Firewall Is Needed or How Well an Existing Firewall Is Working

Gibson Research provides a free Web-based service (ShieldsUp) which tests Internet connections and probes common ports of a single computer to look for vulnerabilities.

When ShieldsUp is used to probe commonly used ports on a (faculty) computer on the FIMS LAN, it reports the following results:

Your system has achieved a perfect "TruStealth" rating. Not a single packet solicited or otherwise was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet.
Port        Service                         Status
0           <nil>                           Stealth
21          FTP                             Stealth
22          SSH                             Stealth
23          Telnet                          Stealth
25          SMTP                            Stealth
79          Finger                          Stealth
80          HTTP                            Stealth
110         POP3                            Stealth
113         IDENT                           Stealth
119         NNTP                            Stealth
135         RPC (Remote Procedure Call)     Stealth
139         NetBIOS                         Stealth
143         IMAP                            Stealth
389         LDAP                            Stealth
443         HTTPS                           Stealth
445         MSFT DS                         Stealth
1002        ms-ils                          Stealth
1024        DCOM                            Stealth
1025-1030   Host                            Stealth
1720        H.323                           Stealth
5000        UPnP                            Stealth
"Stealth" means that there is no evidence that the port exists at the given IP address; if all ports have status "stealth", the computer cannot be detected. "Closed" would mean that the port exists but is currently closed to connections. "Open" should only be true for ports through which the computer is supposed to be actively offering Internet services (that is, acting as a server). Since the computer is not currently supposed to be acting as a server, the settings appear appropriate.
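To make the three statuses concrete, here is an added toy model (not part of the course page or of ShieldsUp) of a host firewall that, like the Internet Connection Firewall described above, lets outbound traffic and its replies through, admits unsolicited inbound traffic only on ports the host deliberately serves, and either silently drops everything else (Stealth) or answers with a rejection (Closed). All addresses and port numbers are constructed examples.

```python
"""Toy stateful packet filter illustrating Stealth / Closed / Open."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (from the Internet) or "out" (from the protected host)
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0          # 0 for ICMP, which has no ports
    dport: int = 0
    flags: str = ""         # TCP flags, e.g. "S" (SYN), "SA" (SYN-ACK)

@dataclass
class Firewall:
    host: str                                   # address of the protected computer
    listening_ports: frozenset = frozenset()    # services the host is meant to offer
    stealth: bool = True                        # drop silently instead of rejecting
    conntrack: set = field(default_factory=set) # flows the host itself initiated

    def filter(self, pkt):
        """Return 'ACCEPT', 'DROP' (no reply at all) or 'REJECT' (RST/unreachable sent)."""
        if pkt.direction == "out":
            # Remember the flow so the remote side's reply can come back in.
            self.conntrack.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))
            return "ACCEPT"
        if (pkt.proto, pkt.src, pkt.sport, pkt.dport) in self.conntrack:
            return "ACCEPT"                      # reply to a connection we initiated
        if pkt.proto == "icmp":                  # unsolicited ping (Echo Request)
            return "DROP" if self.stealth else "ACCEPT"
        if pkt.dport in self.listening_ports:
            return "ACCEPT"                      # service this host deliberately offers
        return "DROP" if self.stealth else "REJECT"

def probe(fw, port, prober="203.0.113.7"):
    """Label one port the way a remote prober would see it (constructed prober address)."""
    verdict = fw.filter(Packet("in", "tcp", prober, fw.host, 40000, port, "S"))
    return {"ACCEPT": "Open", "REJECT": "Closed", "DROP": "Stealth"}[verdict]

def scan(fw, ports):
    """Probe several ports and return {port: status}, like the table above."""
    return {p: probe(fw, p) for p in ports}

if __name__ == "__main__":
    desktop = Firewall("192.0.2.10")                  # constructed host address
    print(scan(desktop, [21, 22, 23, 25, 80, 135, 139, 443, 445]))   # all Stealth
    # The desktop browses a web site: the outbound SYN is allowed and the SYN-ACK returns.
    desktop.filter(Packet("out", "tcp", "192.0.2.10", "198.51.100.5", 51000, 80, "S"))
    print(desktop.filter(Packet("in", "tcp", "198.51.100.5", "192.0.2.10", 80, 51000, "SA")))
    print(scan(Firewall("192.0.2.10", stealth=False), [80]))                    # Closed
    print(scan(Firewall("192.0.2.10", listening_ports=frozenset({80})), [80]))  # Open
```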

For More Information


Last updated October 31, 2007.
This page maintained by Prof. Tim Craven
E-mail (text/plain only): craven@uwo.ca
Faculty of Information and Media Studies
University of Western Ontario,
London, Ontario
Canada, N6A 5B7